Man in The Middle (MiTM) Affecting org.apache.hbase:hbase package, versions [0.92.0, 0.94.9)


0.0
medium
  • Attack Complexity

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGAPACHEHBASE-30636

  • published

    7 Sep 2014

  • disclosed

    29 May 2014

  • credit

    Unknown

How to fix?

Upgrade org.apache.hbase:hbase to version 0.94.9 or higher.

Overview

org.apache.hbase:hbase is an open-source non-relational distributed database modeled after Google's Bigtable and written in Java.

Affected versions of this package are vulnerable to Man in The Middle (MiTM). When the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors.

References